Are you familiar with the concept of phishing and its impact on data security? Do you know what phishing is and why it’s such an important topic for healthcare workforce members? With some essential facts and tips about phishing, you can help keep your workforce and patient information safe from attackers.

What is Phishing?

Phishing is the act of tricking you into sharing sensitive information through email or encouraging you to take action that then gives criminals access to your accounts, computer, and possibly even your network. Phishing usually involves a sense of urgency or a problem that needs to be quickly resolved in order to lure you into making a mistake, such as sharing passwords to sensitive information like bank accounts or electronic health information. Phishing is still the number one vector for cyberattacks because they are so effective.

Even though phishing is a common cyberattack, most workforce members have limited knowledge about this email attack. They often need to figure out what to look for, when not to overshare sensitive information, or when to be weary of a link or file available for download. If you work in IT, you know that your users are the weakest link in protecting sensitive information. The users, however, should have executive level decision making when it comes to email. If users don’t know what phishing is, how can they prevent it?

However, with the right training and resources in place, healthcare organizations can educate their workforce, which can go a long way in securing sensitive data. Together, healthcare organizations and their workforce can be active in online safety by knowing what to look for and what to do in the case of a phishing attack.

Phishing Facts

• 28% of users reuse passwords for multiple work-related accounts. Reusing passwords jeopardizes all accounts. Learn more about the importance of password safety in our recent blog post.
• Phishing is the number one cause of a data breach for organizations and are often caused by stolen credentials!
• In 2022 an average of 3.4 billion emails were sent per day! That means about 1 in 99 emails are phishing attempts. Because cyber criminals know that it only takes one click, they often have an assembly of resources to send out phishing emails.
• Brand type phishing emails are successful because users feel comfortable with the brand associates and do not read or check the sender’s address. LinkedIn and Microsoft were the top brands used in phishing emails.

How to Avoid Phishing Tricks

A multi-layered approach to phishing defense, including Secure Email Gateways (SEG) and Cloud email security are essential, but security awareness training is the key to prevention. While cybersecurity is a vital resource for healthcare organizations to stay secure in today’s digital world, education about how to be cybersecure is essential to keeping your workforce safe from phishing attempts. The more training and simulated phishing testing your organization can offer your workforce, the more tools they have to handle suspicious emails and make better decisions. Consider who has access to sensitive company information, such as financial systems and electronic patient health information, and provide them with additional training.

Consistently check emails for signs of phishing. Some phishing messages can be difficult to tell if it is real because cyber criminals create emails to look like they are from legitimate sources, including bank information, government agencies, and online retail stores like Amazon. Be on the lookout for suspicious emails, hyperlinks, and files you did not request.

You can share the following with your workforce to help them make better email decisions:

Stop, Look & Think Before

• Opening attachments that don’t make sense or attachments that you were not expecting.
• Replying to requests for sensitive information such as user login name and password.
• Clicking that link! Phishing hyperlinks have misspellings or are long with no other information. They often have spoofed hyperlinks that have a different destination than what is shown in the preview. Hover your mouse over links to see if the address differs from what is displayed in the message.
• Reacting to emails that use scare tactics and prompts for a quick response. Be cautious of any message communicating a sense of urgency or naming consequences if immediate action is not taken.

Always report suspicious emails to your IT department or follow your organization’s procedures for suspicious emails. IT workforce members can review your device(s) settings or assist you with software updates.

Stimulated Phishing Testing & Cybersecurity Awareness Training

According to the Proofpoint The State of the Phish Report 2023, more than a third of healthcare workers cannot define terms like malware, phishing, and ransomware. As a result, healthcare organizations must invest in regular security awareness training to ensure their workforce can identify scams and avoid attacks.

PrivaPlan Associates want to help organizations have the best Cybersecurity Literacy program possible. We can identify gaps in phishing knowledge with simulated phishing testing and targeted training in our HIPAA Managed Phishing Testing & Cybersecurity Awareness Training program. Adopting a good Cybersecurity program that includes regular simulated phishing tests and training gives your workforce the tools to make good email decisions. Contact us today to get started!